swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 05:09:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
.dotfiles/modules/nixos/server/restic.nix
Leon Schwarzäugl 3422a39da5
Some checks are pending
Build and Deploy / build (push) Waiting to run
Details
Build and Deploy / deploy (push) Blocked by required conditions
Details
Flake check / Check flake (push) Waiting to run
Details
feat[server]: storage migration finished
2026-01-19 17:43:30 +01:00

88 lines
2.3 KiB
Nix
Raw Blame History

{ lib, pkgs, config, ... }:
let
inherit (config.swarselsystems) sopsFile;
targets = config.swarselsystems.server.restic.targets;
in
{
options.swarselmodules.server.restic = lib.mkEnableOption "enable restic backups on server";
options.swarselsystems.server.restic = {
targets = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
bucketName = lib.mkOption {
type = lib.types.str;
default = name;
};
repository = lib.mkOption {
type = lib.types.str;
};
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
withPostgres = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
}));
default = { };
};
};
config = lib.mkIf config.swarselmodules.server.restic {
sops = {
secrets =
lib.mkMerge (lib.mapAttrsToList
(name: _: {
"resticpw-${name}" = { inherit sopsFile; };
"resticaccesskey-${name}" = { inherit sopsFile; };
"resticsecretaccesskey-${name}" = { inherit sopsFile; };
})
targets);
templates =
lib.mkMerge (lib.mapAttrsToList
(name: _: {
"restic-env-${name}".content = ''
AWS_ACCESS_KEY_ID=${config.sops.placeholder."resticaccesskey-${name}"}
AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."resticsecretaccesskey-${name}"}
'';
})
targets);
};
services.restic.backups =
lib.mapAttrs'
(name: target:
lib.nameValuePair target.bucketName {
environmentFile =
config.sops.templates."restic-env-${name}".path;
passwordFile =
config.sops.secrets."resticpw-${name}".path;
inherit (target) paths repository;
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 2"
"--keep-monthly 3"
"--keep-yearly 100"
];
backupPrepareCommand = ''
${pkgs.restic}/bin/restic prune
'';
initialize = true;
timerConfig = {
OnCalendar = "03:00";
};
}
)
targets;
};
}
Reference in a new issue View git blame Copy permalink